Showing papers on "Java applet published in 2003"

Access Control Based on Execution History.

Abstract: Security is a major, frequent concern in extensible software systems such as Java Virtual Machines and the Common Language Runtime. These systems aim to enable simple, classic applets and also, for example, distributed applications, Web services, and programmable networks, with appropriate security expectations. Accordingly, they feature elaborate constructs and mechanisms for associating rights with code, including a technique for determining the run-time rights of a piece of code as a function of the state of the execution stack. These mechanisms prevent many security holes, but they are inherently partial and they have proved difficult to use reliably. We motivate and describe a new model for assigning rights to code: in short, the run-time rights of a piece of code are determined by examining the attributes of any pieces of code that have run (including their origins) and any explicit requests to augment rights. This historybased model addresses security concerns while avoiding pitfalls. We analyze the model in detail; in particular, we discuss its relation to the stack-based model and to the policies and mechanisms of underlying operating systems, and we consider implementation techniques. In support of the model, we also introduce and implement high-level constructs for security, which should be incorporated in libraries or (even better) in programming languages.

Automatic design pattern detection

Abstract: We detect design patterns in legacy code combining static and dynamic analyses. The analyses do not depend on coding or naming conventions. We classify potential pattern instances according to the evidence our analyses provide. We discuss our approach for the observer, composite, mediator, chain of responsibility and visitor patterns. Our Java analysis tool analyzes Java programs. We evaluate our approach by applying the tool on itself and on the Java SwingSetExample using the Swing library.

Java Bytecode Verification: Algorithms and Formalizations

Abstract: Bytecode verification is a crucial security component for Java applets, on the Web and on embedded devices such as smart cards. This paper reviews the various bytecode verification algorithms that have been proposed, recasts them in a common framework of dataflow analysis, and surveys the use of proof assistants to specify bytecode verification and prove its correctness.

Method and System for Providing Secure Access to Private Networks

Abstract: Improved approaches for providing secure remote access to resources maintained on private networks are disclosed. According to one aspect, predetermined elements, such as applets, can be modified to redirect all communications to and from an application server through an intermediate server. The intermediate server in turn communicates with the application servers. According to another aspect, a communication framework can be provided to funnel communication between an applet and a server through a communication layer so as to provide managed and/or secured communications there between.

Java Applet Correctness: A Developer-Oriented Approach

Abstract: This paper presents experiments on formal validation of Java applets. It describes a tool that has been developed at the Gemplus Research Labs. This tool allows to formally prove Java classes annotated with JML, an annotation language for Java that provides a framework for specifying class invariants and methods behaviours. The foundations and the main features of the tool are presented. The most innovative part of the tool is that it is tailored to be used by Java programmers, without any particular background in formal methods. To reduce the difficulty of using formal techniques, it aims to provide a user-friendly interface which hides to developers most of the formal features and provides a "Java style view" of lemmas.

Method, system, and program for diagnosing a computer in a network system

Abstract: Disclosed is a method, system, and program for diagnosing a computer over a network, such as the Internet. A program, such as an applet, is provided that executes on the computer. The program causes the computer to download at least one object from a server over the network. Performance data is determined with respect to downloading the object from the server to the computer over the network in order to diagnose performance problems with the computer. The determined performance data is then transmitted to a diagnostic system over the network.

Random program generator for Java JIT compiler test system

Abstract: Java has been used widely, from servers to cellular phones. In order to test those Java runtime systems, many test tools have been provided. However these tools are not enough for Java JIT compilers. They should be tested by various executable bytecode sequences. Most test tools don't cover such kinds of a combination test. Therefore we developed a random test program generator and a Java JIT compiler test system. This test system automatically: 1) generates Java class files which are random, executable and finite; 2) inserts codes that output execution-process-dependent results; 3) runs these on the target JIT compiler and other tested Java runtimes; 4) compares results. In this paper, we describe how to generate random test programs, and how to test a Java JIT compiler, and then we evaluate quality (coverage) of generated random test programs.

Method for distributed acquisition of data from computer-based network data sources

Abstract: A method for facilitating efficient automated acquisition of data from computer-based network data sources, such as Internet websites, by means of one or more data aggregation servers and a distributed network of one or more client computers (each operated by and/or on behalf of one or more end users), that does not trigger “trespass on chattels” protection, violate copyright protection of database compilations of non-copyright data or allow data sources to easily detect automated data acquisition. In a specific embodiment, each user runs a java applet within their Internet browser that frequently polls a server connected to a database storing the user's preferences. Based on the user's preferences and other data stored in the database, the server generates requests (each to be issued by the client machine to a particular website) and tells the user's applet to issue those requests. Response(s) (or a processed version of those responses) returned to the server may be used by the client machine and/or returned to the server where they may be parsed, stored in the database, made available to the user (and, potentially, other users) and may trigger the server to generate follow-on requests. This method has many potential uses, including, but certainly not limited to, the aggregation of real estate data from numerous websites for homebuyers.

Tamper-resistant trusted java virtual machine and method of using the same

Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted. Secrets required by the open source programming code of the application are encrypted in TrustedDictionary.

A Type System for the Java Bytecode Language and Verifier

Abstract: The Java Virtual Machine executes bytecode programs that may have been sent from other, possibly untrusted, locations on the network. Since the transmitted code may be written by a malicious party or corrupted during network transmission, the Java Virtual Machine contains a bytecode verifier to check the code for type errors before it is run. As illustrated by reported attacks on Java run-time systems, the verifier is essential for system security. However, no formal specification of the bytecode verifier exists in the Java Virtual Machine Specification published by Sun. In this paper, we develop such a specification in the form of a type system for a subset of the bytecode language. The subset includes classes, interfaces, constructors, methods, exceptions, and bytecode subroutines. We also present a type checking algorithm and prototype bytecode verifier implementation, and we conclude by discussing other applications of this work. For example, we show how to extend our formal system to check other program properties, such as the correct use of object locks.

A design and implementation of wireless sensor gateway for efficient querying and managing through World Wide Web

Abstract: Wireless sensor networks consisting of hundreds to thousands of nodes are expected to find increasing deployment in coming years, as they enable reliable monitoring and analysis of physical worlds. These networks have unique features that are very different from traditional networks, e.g., the large number of nodes, limitation in power. Due to these unique features of wireless sensor networks, their management including querying becomes a challenging problem. In general, it is widely accepted that Web-based management should be used for managing and querying sensor networks. In this paper, we present the architecture of the sensor gateway for Web-based management and its implementation details. We assume that wireless sensor networks have 3-level regional hierarchy, but our gateway is flexible enough to cooperate with other type sensor networks. In addition, to make our gateway process user's query dynamically without intervention of user, a back socket is opened using Java applet. For this purpose, Java script code is embedded in Web page to link Java applet code.

Refactoring browser with preprocessor

Abstract: This paper presents Xrefactory a refactoring browser for C and Java languages. The paper discusses a way how refactoring browsers can thresh-passe non-trivial complications introduced by the C pre-preprocessor Resolving those problems is the next step toward so long expected refactoring browser for C++. Our solution is based on practical implementation and exemplified on renaming refactorings.

JOP: A Java Optimized Processor

Abstract: Java is still not a common language for embedded systems. It posses language features, like thread support, that can improve embedded system development, but common implementations as interpreter or just-in-time compiler are not practical. JOP is a hardware implementation of the Java Virtual Machine with focus on real-time applications. This paper describes the architecture of JOP and proposes a simple real-time extension of Java for JOP. First application in an industrial system showed that JOP is one way to use Java in the embedded world.

Off-device class/resource loading methods, systems and computer program products for debugging a Java application in a Java micro device

Abstract: A Java application is debugged in a Java micro device by selectively loading from a host computer into the device, a subset of Java classes and/or Java resource files that is used during the debugging the Java application in the device, that is automatically selected from a set of Java classes and/or Java resource files in the host computer. Thus, the need to load a potentially huge Java ARchive (JAR) file that contains all classes and/or resources, at the start of debugging, can be reduced or eliminated. The invention also may be used to load modules that are used during debugging an application on a device from a host computer.

MJ: a rational module system for Java and its applications

Abstract: While Java provides many software engineering benefits, it lacks a coherent module system and instead provides only packages (which are primarily a name space mechanism) and classloaders (which are very low-level). As a result, large Java applications suffer from unexpected interactions between independent components, require complex CLASSPATH definitions, and are often extremely complex to install and maintain. We have implemented a module system for Java called MJ that is implemented with class loaders, but provides a much higher-level interface. High-level properties can be specified in a module definition and are enforced by the module system as new modules are loaded. To experimentally validate the ability of MJ to properly handle the complex module inter-relationships found in large Java server systems, we replaced the classloader mechanisms of Apache Tomcat 4.1.18 [27] with 30 MJ modules. The modified Tomcat is functionally identical to the original, but requires no CLASSPATH definitions, and will operate correctly even if user code loads a different version of a module used by Tomcat, such as the Xerces XML parser [31]. Furthermore, by making a small change to the Java core libraries enabled by MJ, we obtained a 30% performance improvement in a servlet microbenchmark.

A portable research framework for the execution of java bytecode

Abstract: Compilation to bytecode paired with interpretation is often used as a technique to easily build prototypes for new programming languages. Some languages, including Java, push this further and use the bytecode layer to isolate programs from the underlying platform. Current state-of-the-art commercial and research Java virtual machines implement advanced just-in-time and adaptive compilation techniques to deliver high-performance execution of Java bytecode. Yet, experimenting with new features such as adding new bytecodes or redesigning the type system can be a daunting task within these complex systems, when new features invalidate assumptions on which the internal dynamic optimizing compiler depends. On the other hand, simpler existing Java bytecode interpreters, written purely in high-level languages, deliver poor performance. The main motivation behind this thesis was to answer the question: How fast can a portable, easily modifiable Java bytecode interpreter be? In order to address this question, we have designed and developed the Sable VM research framework, a portable interpreter-based Java virtual machine written in portable C. In this thesis we introduce innovative techniques for implementing an efficient, yet portable Java bytecode interpreter. These techniques address three areas: instruction dispatch, memory management, and synchronization. Specifically, we show how to implement an inline-threaded engine in the presence of lazy code preparation, without incurring a high synchronization penalty. We then introduce a logical partitioning of runtime system memory that simplifies memory management, and a related sparse interface virtual table design for fast interface-method invocation. We show how to efficiently compute space-efficient garbage collection maps for verifiable bytecode. We also present a bidirectional object layout that simplifies garbage collection. Finally, we introduce an improvement to thin locks, eliminating busy-wait in case of contention. Our experiments within the Sable VM framework show that inline-threading [PR98] Java delivers significant performance improvement over switch and direct-threading, that sparse interface tables cause no memory loss, and that our map computation algorithm delivers a very small number of distinct garbage collection maps. Our overall performance measurements show that, using our techniques, a portable interpreter can deliver competitive interpretation performance, and even surpass that of a less-portable state-of-the-art interpreter on some benchmarks.

Effective inline-threaded interpretation of Java bytecode using preparation sequences

Abstract: Inline-threaded interpretation is a recent technique that improves performance by eliminating dispatch overhead within basic blocks for interpreters written in C [11]. The dynamic class loading, lazy class initialization, and multi-threading features of Java reduce the effectiveness of a straight-forward implementation of this technique within Java interpreters. In this paper, we introduce preparation sequences, a new technique that solves the particular challenge of effectively inline-threading Java. We have implemented our technique in the SableVM Java virtual machine, and our experimental results show that using our technique, inline-threaded interpretation of Java, on a set of benchmarks, achieves a speedup ranging from 1.20 to 2.41 over switch-based interpretation, and a speedup ranging from 1.15 to 2.14 over direct-threaded interpretation.

Instrumentation of Java Bytecode for Runtime Analysis

Abstract: This paper describes JSpy, a system for high-level instrumentation of Java bytecode and its use with JPaX, OUT system for runtime analysis of Java programs. JPaX monitors the execution of temporal logic formulas and performs predicative analysis of deadlocks and data races. JSpy s input is an instrumentation specification, which consists of a collection of rules, where a rule is a predicate/action pair The predicate is a conjunction of syntactic constraints on a Java statement, and the action is a description of logging information to be inserted in the bytecode corresponding to the statement. JSpy is built using JTrek an instrumentation package at a lower level of abstraction.

System and method for remote servicing of embedded devices

Abstract: A service system permits remote personnel to service a local embedded device. In an exemplary application, the device being diagnosed communicates with a local computer system that interfaces to a remote computer system via, for example, the Internet. A service program may be downloaded to the local computer system that enables diagnostic interaction with the device by the remote computer system. In some instances, the device is automatically queried for model number and/or other identifying information such that the service program is matched to the particular device being diagnosed. In other embodiments, a local user might, for example, visit a designated Web page, enter identifying information, and the appropriate diagnostic program, such as a JAVA applet, downloads to the local system. The downloaded applet may be used by the remote computer system to, for example, query the device, control its operation, re-program it, receive real-time operational data, etc.

Executing software in a network environment

Abstract: An executable is executed on a computer via a software component with customization data. The software component can be embedded in a document such as a web page. The software component may be, for example, an ActiveX control or a Java applet. The executable can be a remote deployment utility for installing software. To perform a remote deployment operation, such as an installation, uninstall, or update, on client computers on a network, instructions are sent from an administrator computer to plural client computers on the network. The plural client computers can be located in different domains. The remote deployment operation is then performed on the client computers. A remote deployment operation may be performed using a downloaded remote deployment utility.

Delivering non-default items in association with search results

Abstract: Techniques are provided for delivering search results pages to the users of a search engine, where one or more search result listings on the search results pages include items that are not included by default. The non-default items may take many forms, including but not limited to images, banners, controls, animations, and even Java applets. The non-default items may be designed to entice the search engine users to select the search result listing with which they are associated over possibly higher-ranked search result listings that contain only default items.

GIS for Everyone: The CommonGIS Project and Beyond

Abstract: Publisher Summary This chapter describes the project CommonGIS, which has the motto “GIS for everyone.” Its objective is to devise approaches and methods for making modem techniques of map-based exploratory data analysis accessible to a broad community of potential users. Besides technical accessibility, which is attained by applying the Java applet technology, it is important to ensure that the techniques are also utilized appropriately and effectively even by the users with little or no expertise in cartography or geographical information systems (GISs). This task is specially challenging because of the novelty of the exploratory tools. Experiments show that without previous instruction people make limited use of these tools. Therefore, it is very necessary to find proper ways of providing intelligent software-based assistance that will encourage and help people to use the tools. CommonGIS runs over the Internet by means of a standard web browser. It can be viewed both as an interactive Web-GIS (because it provides some standard GIS functionality) and as a tool for exploratory analysis of geographically referenced statistical data. To support the analysis, CommonGIS provides highly interactive and dynamically transformable maps and other types of data displays, in accord with the concept of “geographic visualization”.

Physlets for quantum mechanics

Abstract: Educators have often pinned their hopes of better instruction on emerging technologies such as television, computers, and the World Wide Web, yet teaching with technology-without a sound pedagogy-yields no significant educational gain. In addition, students often approach typical end-of-chapter textbook problems by finding a formula that contains the variables given in the problem statement, rather than first determining a problem's conceptual foundation. We use the technology of Physlets combined with pedagogical techniques such as just-in-time teaching to create alternative problems that we believe help students better develop their problem-solving ability and deepen their conceptual understanding. Physlets-physics applets-are small, flexible Java applets usable in a wide variety of Web applications. They have attributes that make them especially valuable for science education.

Java bytecode verification for secure information flow

Abstract: Security of Java programs is important as they can be executed in different platforms. This paper addresses the problem of secure information flow for Java bytecode. In information flow analysis one wishes to check if high security data can ever propagate to low security observers. We propose a static analysis similar to the type-level abstract interpretation used for standard bytecode verification. Instead of types, our technique works with secrecy levels assigned to classes, methods' parameters and returned values, and handles implicit information flows. A verification tool based on the proposed technique is under development. Using the tool, programs downloaded from untrusted hosts can be checked locally prior to executing them.

MPJava: High-Performance Message Passing in Java Using Java.nio

Abstract: We explore advances in Java Virtual Machine (JVM) technology along with new high performance I/O libraries in Java 1.4, and find that Java is increasingly an attractive platform for scientific cluster-based message passing codes.

Conversation thumbnails for large-scale discussions

Abstract: We present a new interface for large-scale online conversations Our technique, the Conversation Thumbnail, differs from existing discussion interfaces in two respects First, it employs a focus+context visualization technique that exploits message-level metadata to provide an easily navigable overview of a discussion Second, it helps reduce conversational redundancy and improve coherence via a fast automatic search mechanism that highlights related messages during message composition The Conversation Thumbnail Viewer is currently implemented as a Java applet that can be applied to a variety of discussion data sources

Manufacturing process and material selection in concurrent collaborative design of MEMS devices

Abstract: In this paper we present knowledge of an intensive approach and system for selecting suitable manufacturing processes and materials for microelectromechanical systems (MEMS) devices in concurrent collaborative design environment. In the paper, fundamental issues on MEMS manufacturing process and material selection such as concurrent design framework, manufacturing process and material hierarchies, and selection strategy are first addressed. Then, a fuzzy decision support scheme for a multi-criteria decision-making problem is proposed for estimating, ranking and selecting possible manufacturing processes, materials and their combinations. A Web-based prototype advisory system for the MEMS manufacturing process and material selection, WebMEMS-MASS, is developed based on the client–knowledge server architecture and framework to help the designer find good processes and materials for MEMS devices. The system, as one of the important parts of an advanced simulation and modeling tool for MEMS design, is a concept level process and material selection tool, which can be used as a standalone application or a Java applet via the Web. The running sessions of the system are inter-linked with webpages of tutorials and reference pages to explain the facets, fabrication processes and material choices, and calculations and reasoning in selection are performed using process capability and material property data from a remote Web-based database and interactive knowledge base that can be maintained and updated via the Internet. The use of the developed system including operation scenario, use support, and integration with an MEMS collaborative design system is presented. Finally, an illustration example is provided.

Verified Java Bytecode Verification

Abstract: The bytecode verifier is an important part of Java's security architecture. This thesis presents a fully formal, executable, and machine checked specification of a representative subset of the Java Virtual Machine and its bytecode verifier together with a proof that the bytecode verifier is safe. The specification consists of an abstract framework for bytecode verification which is instantiated step by step with increasingly expressive type systems covering all of the interesting and complex properties of Java bytecode verification: classes, objects, inheritance, virtual methods, exception handling, constructors, object initialization, bytecode subroutines, and arrays. The instantiation yields two executable verified bytecode verifiers: the iterative data flow algorithm of the standard Java platform and also a lightweight bytecode verifier for resource-constrained devices such as smart cards. All specifications and proofs have been carried out in the interactive theorem prover Isabelle/HOL. Large parts of the proofs are written in the human-readable proof language Isabelle/Isar making it possible to understand and reproduce the reasoning independently of the theorem prover. All formal proofs in this thesis are machine checked and generated directly from Isabelle sources.